| 1 |
For some reason I keep having this vision in my head... |
| 2 |
|
| 3 |
1. Quarterly updates of the tree. Gentoo Server would maintain 2 |
| 4 |
different server tree, one for the current quarter and one for the |
| 5 |
previous quarter. That does not seem to excessive to a maintain. One |
| 6 |
could specify with tree they want to use (current or delayed) |
| 7 |
|
| 8 |
2. When using emerge, one would have the option to specify a filter |
| 9 |
that would upgrade only the packages on my system that are security |
| 10 |
related. Something like "emerge -u world --security-only-updates". From |
| 11 |
an administrator point of view, this would be executed "often" to |
| 12 |
insure that public exposed servers are patched against vulnerabilities |
| 13 |
immediately. |
| 14 |
|
| 15 |
3. Finally, the ability to archive on the local machine (or rsync local |
| 16 |
server) the ebuilds. So that every-time any package is updated the |
| 17 |
previous ebuild is archived (tar gzip) somewhere on the local system, |
| 18 |
to allow even to revert to the previous ebuild if the upgrade happens |
| 19 |
to break things. |
| 20 |
The opportunity to archive the complete tree and ebuilds on the local |
| 21 |
machine prior to the quarterly updates would be nice too... |
| 22 |
|
| 23 |
Hope this rather simplistic approach helps the discusssion. |
| 24 |
|
| 25 |
|
| 26 |
Regards, |
| 27 |
|
| 28 |
Sébastien |
| 29 |
|
| 30 |
|
| 31 |
On Feb 12, 2004, at 04:21, Eric Sammer wrote: |
| 32 |
|
| 33 |
> The problem with this approach is that you don't benefit from security |
| 34 |
> updates and if you try and update only portions of the "frozen" |
| 35 |
> internal tree, well, you're going to be fighting to say the least. |
| 36 |
> |
| 37 |
> This is what a number of users who need a frozen tree do now and it's |
| 38 |
> proving to be way too much overhead. In theory, the admin maintaining |
| 39 |
> the internal tree is doing the work the Gentoo security team and the |
| 40 |
> arch maintainers are doing anyway, by themselves. |
| 41 |
> |
| 42 |
> Most of the users doing this are doing so because we don't have a |
| 43 |
> frozen tree and, in most cases, 190+ pairs of eyes are better than 1. |
| 44 |
> :) |
Archives